/** * Upload a file * * @return void */ public function uploadTask() { if (Request::getVar('no_html', 0)) { return $this->ajaxUploadTask(); } // Check for request forgeries Request::checkToken(); // Incoming $id = Request::getInt('id', 0); if (!$id) { $this->setError(Lang::txt('COM_STOREFRONT_ERROR_NO_ID')); $this->displayTask('', $id); return; } // Build the path $type = strtolower(Request::getWord('type', '')); $path = $this->_path($type, $id); if (!$path) { $this->displayTask('', $id); return; } // Incoming file $file = Request::getVar('upload', '', 'files', 'array'); if (!$file['name']) { $this->setError(Lang::txt('COM_STOREFRONT_NO_FILE')); $this->displayTask('', $id); return; } $curfile = Request::getVar('curfile', ''); if (!is_dir($path)) { if (!Filesystem::makeDirectory($path)) { $this->setError(Lang::txt('COM_STOREFRONT_ERROR_UNABLE_TO_CREATE_UPLOAD_PATH')); $this->displayTask('', $id); return; } } // Make the filename safe $file['name'] = Filesystem::clean($file['name']); $file['name'] = str_replace(' ', '_', $file['name']); // Perform the upload if (!Filesystem::upload($file['tmp_name'], $path . DS . $file['name'])) { $this->setError(Lang::txt('COM_STOREFRONT_ERROR_UPLOADING')); $file = $curfile; } else { if (!Filesystem::isSafe($path . DS . $file['name'])) { Filesystem::delete($path . DS . $file['name']); $this->setError(Lang::txt('COM_STOREFRONT_ERROR_FILE_UNSAFE')); $this->displayTask($curfile, $id); return; } // Do we have an old file we're replacing? if ($curfile = Request::getVar('currentfile', '')) { // Remove old image if (file_exists($path . DS . $curfile)) { if (!Filesystem::delete($path . DS . $curfile)) { $this->setError(Lang::txt('COM_COURSES_ERROR_UNABLE_TO_DELETE_FILE')); $this->displayTask($file['name'], $id); return; } } } switch ($type) { case 'product': // Instantiate a model, change some info and save $product = new Product($id); $product->setImage($file['name']); break; default: echo json_encode(array('error' => Lang::txt('COM_STOREFRONT_ERROR_INVALID_TYPE'))); return; break; } if (!$product->update()) { $this->setError('Error updating product'); } $file = $file['name']; } // Push through to the image view $this->displayTask($file, $id); }